Everything seems to be working well, and I have followed all of the
instructions in the following link for ossec to decode mysql logs and alert
on rules. https://groups.google.com/forum/#!topic/ossec-list/u4uXvPnGhQ4
I am a little perplexed because everything else seems to be working.
So what is the difference, between say, the parameter
in the ossec.conf file on the Server and the agent.conf file that
eventually gets uploaded to the Agent? I was under the impression that the
frequency setting in ossec.conf would be used locally if the Server were
performing syschecks on
Hi Santiago, I just came across your post. Are you saying that the
auto_ignore and alert_new_files go in /var/ossec/etc/ossec.conf on the
manager OR in /var/ossec/etc/shared/agent.conf on the manager? Obviously,
the latter will eventually be placed on the Agent. I thought that
That goes on the manager ossec.conf
The manager takes care of analyzing syscheck data received from the agents, and
generates alerts.
I hope it helps
Santiago Bassett
@santiagobassett
> On Feb 23, 2018, at 9:59 AM, temp.email@gmail.com wrote:
>
> Hi Santiago, I just came across your post.
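An added example (not from the thread) of where the two kinds of syscheck settings live, assuming the default /var/ossec paths and an illustrative directory list: manager-side analysis options in ossec.conf, and the scan settings that get pushed to agents in shared/agent.conf.

```xml
<!-- /var/ossec/etc/ossec.conf on the MANAGER: options evaluated where the
     syscheck data is analyzed. Added example, not from the thread. -->
<ossec_config>
  <syscheck>
    <!-- Alert on files seen for the first time (manager-side setting). -->
    <alert_new_files>yes</alert_new_files>
    <!-- Keep alerting on a file that changes repeatedly instead of
         silencing it after the third change (manager-side setting). -->
    <auto_ignore>no</auto_ignore>
  </syscheck>
</ossec_config>

<!-- /var/ossec/etc/shared/agent.conf on the manager: pushed to agents;
     these control the scan the AGENT itself performs. -->
<agent_config>
  <syscheck>
    <!-- Scan interval in seconds (21600 = 6 hours). This is the agent's
         frequency; the manager's own frequency does not govern it. -->
    <frequency>21600</frequency>
    <scan_on_start>yes</scan_on_start>
    <!-- Illustrative directory list (assumption, adjust to the host). -->
    <directories check_all="yes">/etc,/usr/bin,/usr/sbin</directories>
    <directories check_all="yes" realtime="yes">/var/www</directories>
    <ignore>/etc/mtab</ignore>
  </syscheck>
</agent_config>
```

alert_new_files only becomes visible if rule 554 (new file added) is raised above its default level 0 in /var/ossec/rules/local_rules.xml; ossec.conf changes need a manager restart, while agent.conf is picked up by agents on their next check-in.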
Hi, I run a minor website http://socct.org, unfortunately the acronym
coincides with https://www.wikileaks.org/wiki/SOCCT_(military). For the
last two days the site has been taking multiple site brute force attacks. Apart
from changing our name, any suggestions? I have added an extension rule to